SecurityWeek’s Cyber Insights 2025 examines opinions on the expected evolution of more than a dozen areas of cybersecurity interest over the next 12 months. We spoke to hundreds of individual experts to gain their opinions. Here we discuss the CISO Outlook for 2025.
[...]
Regulations have become more problematic. The CISO is not merely responsible for ensuring company compliance with security-related regulations but is also increasingly the target of specific role-based regulations. In particular, the SEC began to hold CISOs personally and criminally liable for failure to uphold SEC regulations (regulations that are effectively agency interpretations of the law). However, on June 28, 2024, the High Court ruled that companies could challenge agency rulings in the judicial system, weakening the whole concept of agency-led regulatory enforcement.
...
Sharon Klein, a partner at Blank Rome law firm, adds, “While we certainly do expect that this may allow more leeway in areas such as discrimination, we do not expect that regulatory rulings in cybersecurity will be eroded by courts or the plaintiffs’ bar.”
...
The requirement isn’t simply to ensure AI successes within the company, but also to prevent AI fails. “CISOs must also be able to identify channels through which sensitive information can be leaked through the use of business productivity-based AI solutions (that is, sensitive information used to train AI models) so appropriate controls can be implemented,” adds Klein.
"Cyber Insights 2025: The CISO Outlook," by Kevin Townsend was published in SecurityWeek on February 4, 2025.